Insuring integrity of remote procedure calls used in a client and server storage system

摘要

A system and method generates a message integrity check. The message integrity check value is computed by hashing one or more block checksums from procedure specific parameters of an RPC and then encrypting the resulting hash value. The computed message integrity check is appended to the RPC to thereby provide a level of security approaching or equal to the level of Integrity defined by the RPCSEC_GSS protocol specification.

主权项

1. A method for generating a message integrity check for a data transmission between a plurality of nodes of a cluster, the method comprising:
generating a single remote procedure call (RPC) data structure at a source node of the cluster to transmit data of the data transmission, wherein each node comprises a memory and processor and wherein requests and responses between the nodes include RPC data structures; computing one or more block checksums from the data of the data transmission to be included in the single RPC data structure; generating the message integrity check using a hash value of the one or more block checksums; appending the message integrity check to the single RPC data structure, wherein the single RPC data structure comprises a control portion maintaining the one or more block checksums and a message integrity section maintaining the message integrity check; and transmitting, over a computer network, the single RPC data structure, wherein the control portion of the single RPC data structure comprises an operation to perform a second message integrity check using the message integrity check appended to the single RPC data structure.